From 2618e6d51694578c938c34aa5f85bdb907899795 Mon Sep 17 00:00:00 2001
From: Sloane Hertel <shertel@redhat.com>
Date: Tue, 9 May 2017 14:01:37 -0400
Subject: [PATCH] ec2_elb_lb: allow elb scheme to be updated by restarting the
 resource - fixes #19116 (#22916)

* allow elb scheme to be updated by restarting the resource

use ensure_gone and require wait option

* fix pep8

* fix yaml

* requested changes

* fix fail_json
---
 .../modules/cloud/amazon/ec2_elb_lb.py        | 27 +++++++++++++++----
 1 file changed, 22 insertions(+), 5 deletions(-)

diff --git a/lib/ansible/modules/cloud/amazon/ec2_elb_lb.py b/lib/ansible/modules/cloud/amazon/ec2_elb_lb.py
index 0c4f3c5018b..03cc12322cf 100644
--- a/lib/ansible/modules/cloud/amazon/ec2_elb_lb.py
+++ b/lib/ansible/modules/cloud/amazon/ec2_elb_lb.py
@@ -108,6 +108,9 @@ options:
   scheme:
     description:
       - The scheme to use when creating the ELB. For a private VPC-visible ELB use 'internal'.
+        If you choose to update your scheme with a different value the ELB will be destroyed and
+        recreated. To update scheme you must use the option wait.
+    choices: ["internal", "internet-facing"]
     required: false
     default: 'internet-facing'
     version_added: "1.7"
@@ -494,10 +497,15 @@ class ElbManager(object):
             # Zones and listeners will be added at creation
             self._create_elb()
         else:
-            self._set_zones()
-            self._set_security_groups()
-            self._set_elb_listeners()
-            self._set_subnets()
+            if self._get_scheme():
+                # the only way to change the scheme is by recreating the resource
+                self.ensure_gone()
+                self._create_elb()
+            else:
+                self._set_zones()
+                self._set_security_groups()
+                self._set_elb_listeners()
+                self._set_subnets()
         self._set_health_check()
         # boto has introduced support for some ELB attributes in
         # different versions, so we check first before trying to
@@ -873,6 +881,15 @@ class ElbManager(object):
             if subnets_to_detach:
                 self._detach_subnets(subnets_to_detach)
 
+    def _get_scheme(self):
+        """Determine if the current scheme is different than the scheme of the ELB"""
+        if self.scheme:
+            if self.elb.scheme != self.scheme:
+                if not self.wait:
+                    self.module.fail_json(msg="Unable to modify scheme without using the wait option")
+                return True
+        return False
+
     def _set_zones(self):
         """Determine which zones need to be enabled or disabled on the ELB"""
         if self.zones:
@@ -1246,7 +1263,7 @@ def main():
         health_check={'default': None, 'required': False, 'type': 'dict'},
         subnets={'default': None, 'required': False, 'type': 'list'},
         purge_subnets={'default': False, 'required': False, 'type': 'bool'},
-        scheme={'default': 'internet-facing', 'required': False},
+        scheme={'default': 'internet-facing', 'required': False, 'choices': ['internal', 'internet-facing']},
         connection_draining_timeout={'default': None, 'required': False, 'type': 'int'},
         idle_timeout={'default': None, 'type': 'int', 'required': False},
         cross_az_load_balancing={'default': None, 'type': 'bool', 'required': False},